You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Sunitha Kambhampati (JIRA)" <de...@db.apache.org> on 2006/08/18 20:00:15 UTC

[jira] Commented: (DERBY-1622) Add documentation for encrypted database using encryptionKey

    [ http://issues.apache.org/jira/browse/DERBY-1622?page=comments#action_12429070 ] 
            
Sunitha Kambhampati commented on DERBY-1622:
--------------------------------------------

Thanks Laura for working on this.  

Here are my comments on files in derby1622_html.zip.

FILE:  /tdevdvlp40140.html
1)The below statement is not correct.
"
To boot an existing database:
In the URL, specify the encryptionKey and the bootPassword attributes for the encrypted database. For example:
jdbc:derby:encryptedDB;bootPassword=DBpassword;encryptionKey=6162636465666768
"

This needs to be changed to something like 
To boot an existing encrypted database that was encrypted using the bootPassword mechanism, specify the bootPassword attribute. 
For example:
jdbc:derby:wombat;bootPassword=clo760uds2caPe

To boot an existing encrypted database that was encrypted using an external key, specify the encryptionKey attribute.
For example:
jdbc:derby:flintstone;encryptionAlgorithm=AES/CBC/NoPadding;encryptionKey=c566bab9ee8b62a5ddb4d9229224c678  


FILE : /cdevcsecure60146.html
1)Towards the end of the page, there is this line
"For example, the following connections would boot the database and thus require the boot password:"

This should change to account for the encryptionKey attribute also.
"For example, the following connections would boot the database and thus require the boot password or the encryptionKey depending on what mechanism was used to encrypt the database"

2) 
"Note: The boot password is not meant to prevent unauthorized connections to the database after it has been booted"
This should also include the encryptionKey. 

Note: The boot password or the encryptionKey is not meant to prevent unauthorized connections to the database after it has been booted

------------
I was looking a bit at derby-1636 and I realized that maybe we also need to have a link/section under 'Working With Encryption', something similar to 'Creating the boot Password'. in the developer's guide. 

Creating encrypted database with external key.

To create an encrypted database using an external key, you can use the encryptionKey attribute as part of the connection url. 

For example: To create an encrypted db 'encDB' using an external key
jdbc:derby:encDB;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768

Note: If you lose the encryptionKey you will not be able to boot the database.  



> Add documentation for encrypted database using encryptionKey
> ------------------------------------------------------------
>
>                 Key: DERBY-1622
>                 URL: http://issues.apache.org/jira/browse/DERBY-1622
>             Project: Derby
>          Issue Type: Task
>          Components: Documentation
>    Affects Versions: 10.2.1.0
>            Reporter: Sunitha Kambhampati
>         Assigned To: Laura Stewart
>            Priority: Minor
>             Fix For: 10.2.1.0
>
>         Attachments: derby1622.diff, Derby1622_html.zip
>
>
> 1)
> In Reference Manual:Section: Setting attributes for the database connection url
> Add the following attribute:
> encryptionKey=key
> Function
> Specifies the key to use for encrypting a new database or booting an existing encrypted database. The application 
> provides the encryption key. 
> Combining with other attributes
> When creating a new database, must be combined with create=true and dataEncryption=true. When booting an existing 
> encrypted database, the encryptionAlgorithm is also required to be specified if the algorithm used when creating the 
> database was not the default algorithm. The default encryption algorithm used by Derby is DES/CBC/NoPadding.
> -- create a new, encrypted database
> jdbc:derby:newDB;create=true;dataEncryption=true;encryptionAlgorithm=DES/CBC/NoPadding;encryptionKey=6162636465666768
> -- boot an encrypted database
> jdbc:derby:encryptedDB;encryptionKey=6162636465666768
> 2)
> Developers Guide:
> http://db.apache.org/derby/docs/dev/devguide/tdevdvlp40140.html
> This should say , Booting an encrypted database.
> This section should also mention the encryptionKey attribute. 
> http://db.apache.org/derby/docs/dev/devguide/cdevcsecure60146.html 
> This section should also mention the encryptionKey attribute.
> Something like change this line from
> "Once you have created an encrypted database, you must supply the boot password to reboot it."
> to
> "If you have created an encrypted database using the bootPassword, then you  must supply the boot password to reboot it. If you have created an encrypted database using the encryptionKey, then you must supply the encryptionKey to reboot it"
> The example should also include the example to boot using the encryptionKey.
> For example, to access an encrypted database called encryptedDB, created with the encryptionKey c566bab9ee8b62a5ddb4d9229224c678 and with encryptionAlgorithm=AES/CBC/NoPadding, you would use the following connection URL:
> jdbc:derby:encryptedDB;encryptionAlgorithm=AES/CBC/NoPadding;encryptionKey=c566bab9ee8b62a5ddb4d9229224c678 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira